Re: Basic Site-to-Site IPSec VPN based Narbik book

Tony,
thanks for your input. It helps and the problem solved. Thanks

On Mon, Oct 25, 2010 at 9:07 PM, Tony Schaffran (GS) <
groupstudy_at_cconlinelabs.com> wrote:

> The reason your tunnel is not up is because you have not sent any
> interesting traffic. You are unable to send interesting traffic without
> the
> routes in place because each router does not know how to reach the others
> loopback IP address.
>
> Tony Schaffran
> Sr. Network Consultant
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
>
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Andrew junie
> Sent: Monday, October 25, 2010 9:44 AM
> To: Ryan DeBerry
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Basic Site-to-Site IPSec VPN based Narbik book
>
> Ryan, Why we need deault route because the peer is directly connected and
> its reachable...
>
> Even I add the default route....seems same situation... I can able to reach
> the loopback due to the default route...but isnt my goal
>
> Rack1R2#sh crypto isakmp sa
> IPv4 Crypto ISAKMP SA
> dst src state conn-id slot status
>
> IPv6 Crypto ISAKMP SA
>
> Rack1R2#
>
>
> On Mon, Oct 25, 2010 at 8:31 PM, Ryan DeBerry <rdeberry_at_gmail.com> wrote:
>
> > What does your routing table look like?
> >
> > Add a default route and test again.
> >
> > On Mon, Oct 25, 2010 at 12:19 PM, Andrew junie
> <andrew.junie_at_gmail.com>wrote:
> >
> >> Hi,
> >>
> >> I am playing in Dynamip for Basic Site to Site IPSec VPN (IOS-IOS) using
> >> narbik Site-to-Site VPN workbook
> >>
> >> I couldn't able to up the IPSec Tunnel, I am not sure what mistake I
> >> did .Here is the config
> >>
> >> Both routers directly connected and the IOS is
> >> c3725-adventerprisek9-mz.124-15.T9.BIN
> >>
> >>
> >> R1
> >> !
> >> !
> >> interface Loopback0
> >> ip address 1.1.1.1 255.255.255.0
> >> !
> >> interface FastEthernet0/1
> >> ip address 10.10.10.1 255.255.255.0
> >> duplex auto
> >> speed auto
> >> crypto map CMAP
> >> !
> >>
> >> crypto isakmp policy 10
> >> encr 3des
> >> hash md5
> >> authentication pre-share
> >> group 2
> >> crypto isakmp key 6 CISCO321 address 10.10.10.2
> >> !
> >> !
> >> crypto ipsec transform-set TSET esp-3des esp-md5-hmac
> >> !
> >> crypto map CMAP 10 ipsec-isakmp
> >> set peer 10.10.10.2
> >> set transform-set TSET
> >> match address 120
> >> !
> >> !
> >> access-list 120 permit ip 1.1.1.0 0.0.0.255 4.4.4.0 0.0.0.255
> >>
> >>
> >>
> >> R2
> >> !
> >> interface Loopback0
> >> ip address 4.4.4.4 255.255.255.0
> >> !
> >> interface FastEthernet0/1
> >> ip address 10.10.10.2 255.255.255.0
> >> duplex auto
> >> speed auto
> >> crypto map CMAP
> >> !
> >> crypto isakmp policy 10
> >> encr 3des
> >> hash md5
> >> authentication pre-share
> >> group 2
> >> crypto isakmp key 6 CISCO321 address 10.10.10.1
> >> !
> >> !
> >> crypto ipsec transform-set TSET esp-3des esp-md5-hmac
> >> !
> >> crypto map CMAP 10 ipsec-isakmp
> >> set peer 10.10.10.1
> >> set transform-set TSET
> >> match address 121
> >> !
> >> access-list 121 permit ip 4.4.4.0 0.0.0.255 1.1.1.0 0.0.0.255
> >>
> >>
> >>
> >> Rack1R2#sh crypto isakmp sa
> >> IPv4 Crypto ISAKMP SA
> >> dst src state conn-id slot status
> >>
> >> IPv6 Crypto ISAKMP SA
> >>
> >> Thats it I got
> >> !
> >>
> >> I enabled Debug on both side .
> >> debug crypto ipsec
> >>
> >> debug crypto isakmp
> >>
> >> got nothing...
> >>
> >> Anyone point me what mistake I done .
> >>
> >> I appreciate your input
> >>
> >> Thanks
> >>
> >> Andrew
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Oct 25 2010 - 21:21:26 ART